BIP Conformance Report Template
Companion to: yona:ruleset:v1.0
Document: BIP Conformance Report Template
Scope of this document: a non-normative suggested format for documenting BIP conformance results for implementations claiming conformance to yona:ruleset:v1.0
Conformance status: This document is non-normative. It does not add, remove, or modify protocol requirements, BIP requirements, or test-suite pass/fail criteria.
License
Copyright © 2026 YONA LLC.
Text and explanatory content in this document are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).
Any machine-readable artifacts published with this document, if any, are licensed under the Apache License 2.0 (Apache-2.0), unless a specific bundle states otherwise.
Names and marks: CC BY 4.0 and Apache-2.0 do not grant trademark rights. Nothing in this document grants rights to use any names, logos, or other marks beyond what applicable law permits.
Disclaimer: This document and any included artifacts are provided “AS IS”, without warranties or conditions of any kind, and without liability for damages arising from their use.
Patent policy: See the YONA Patent Policy published on YONA's website for YONA's royalty-free implementation commitment for any Essential Claims it owns or controls.
License texts: CC BY 4.0 and Apache-2.0
1. Purpose and Use
This document provides an optional format for reporting BIP conformance results under yona:ruleset:v1.0.
Use of this template is not required for conformance.
A technical conformance claim under yona:ruleset:v1.0 depends only on:
- satisfying all applicable normative requirements in YONA Ruleset 1.0;
- satisfying all applicable normative requirements in the Base Interoperability Profile (BIP); and
- passing all applicable normative test cases in the BIP Conformance Test Suite.
This template is a suggested format for presenting those results.
2. What This Template Does Not Do
This template does not change protocol requirements, BIP requirements, test cases, or pass/fail criteria.
It also does not define an exclusive issuer, assessor, publication venue, registry, or credential format.
A completed report may be used for internal review, self-asserted claims, bilateral review, procurement review, or third-party attestation, but those uses remain outside the scope of the protocol and BIP.
4. Minimum Statements a Conformance Report Must Include
A completed conformance report should state, at minimum:
- which role or roles were tested;
- the tested interaction scope (
pull,push, or both); - the tested
ruleset_id; - the tested BIP version or release identifier, if separately published; and
- any configuration inputs that materially affect validation, timeout handling, replay handling, caching, or repeated-request behavior.
5. Suggested Report Template
Copy, paste, and complete the following sections.
A. Report Metadata
Report ID:
Date:
Organization making or commissioning this report:
Primary contact:
Contact email:
Report type:
- ☐ Self-asserted conformance report
- ☐ Third-party assessment report
- ☐ Internal validation record
- ☐ Other: __________________
Assessor name (if third-party):
Assessment engagement / reference ID (optional):
Publication URI (optional):
Credential / certificate / VC identifier (optional):
B. Implementation Under Test
Implementation name:
Implementation version / release:
Source revision / commit / build identifier:
Deployment environment identifier:
Role(s) tested:
- ☐ Originator VASP client
- ☐ Beneficiary VASP server
Interaction scope claimed:
- ☐
pull - ☐
push - ☐ both
Flows exercised:
- ☐ Pull-payment retrieval
- ☐ Pull-payment authorization
- ☐ Push-payment authorization
Endpoint(s) exercised:
- ☐
YonaPaymentIntentService - ☐
YonaAuthorizationService
Originator DID(s) used in testing:
Beneficiary DID(s) used in testing:
Service endpoint URL(s) resolved during testing:
YonaPaymentIntentService:
YonaAuthorizationService:
C. Governing Artifacts
Tested ruleset_id: yona:ruleset:v1.0
Ruleset document identifier / version label:
Ruleset artifact SHA-256 (optional):
BIP document identifier / version label:
BIP artifact SHA-256 (optional):
BIP Conformance Test Suite identifier / version label:
BIP Conformance Test Suite artifact SHA-256 (optional):
Reference Messages and DID Examples identifier / version label (optional):
Reference-messages artifact SHA-256 (optional):
Any local pinned artifact set / manifest identifier (optional):
D. Environment and Material Configuration Inputs
D.1 JOSE and signature validation
Allowed JOSE algorithms:
JOSE library / version:
Key resolution method:
Any local algorithm allowlist notes:
D.2 DID resolution
DID resolver implementation / version:
did:web resolution mode:
Any resolver overrides used during testing:
DID caching behavior (TTL / invalidation / pinning):
D.3 HTTP / TLS
HTTP client stack (if originator role tested):
HTTP server stack (if beneficiary role tested):
Minimum TLS version enforced:
TLS certificate validation policy summary:
Any mTLS / allowlist / network constraints:
D.4 Time and freshness
Clock source / environment:
Clock skew tolerance:
iat / exp enforcement notes:
Authorization timeout handling policy:
Late-response handling policy:
D.5 Replay and repeated-request behavior
Replay window duration:
Replay storage mechanism:
Repeated-request retention window:
Repeated-request state storage mechanism:
Replay scope used for signed-message replay handling:
Repeated-request scope used for yona.authorization_request handling:
Material inputs used for repeated-request comparison:
Non-material request differences tolerated without changing decision:
D.6 Parsing and validation limits
Maximum request size:
Maximum response size:
Duplicate-member-name handling:
Unknown/additional-field handling:
Any local validation reason mapping (optional):
E. Scope of Test Execution
E.1 Role Coverage
| Role | Tested | Notes |
|---|---|---|
| Originator VASP client | ☐ Yes ☐ No | |
| Beneficiary VASP server | ☐ Yes ☐ No |
E.2 Endpoint Coverage
| Endpoint | Tested | Notes |
|---|---|---|
YonaPaymentIntentService | ☐ Yes ☐ No | |
YonaAuthorizationService | ☐ Yes ☐ No |
E.3 Flow Coverage
| Flow | Tested | Notes |
|---|---|---|
| Pull-payment retrieval | ☐ Yes ☐ No | |
| Pull-payment authorization | ☐ Yes ☐ No | |
| Push-payment authorization | ☐ Yes ☐ No |
E.4 Not-Applicable Cases
List any suite cases treated as not applicable, and explain why.
| Case ID / family | Not-applicable basis | Explanation |
|---|---|---|
F. Results Summary
Overall result:
- ☐ PASS
- ☐ FAIL
Determinism statement:
Repeated executions of the same applicable test vectors under the same configuration produced deterministic outcomes.
- ☐ Yes
- ☐ No
If FAIL, list the failing cases and reasons:
If PASS, confirm there are no open deviations that would change deterministic behavior:
- ☐ Confirmed
General notes / deviations / observations:
G. Case-by-Case Results
Fill one row per applicable test case executed.
| Case ID | Role | Endpoint / flow | Expected result | Observed result | PASS/FAIL | Evidence pointers |
|---|---|---|---|---|---|---|
For repeated-request or binding-sensitive cases, also record the exact request/response hash evidence below or in attachments.
H. Evidence Inventory
Record evidence over exact bytes used on the wire.
H.1 DID Document Hashes
Resolved originator DID document SHA-256 (exact bytes):
Resolved beneficiary DID document SHA-256 (exact bytes):
H.2 Request / Response Hashes
For each applicable executed case:
| Case ID | Request JWS SHA-256 (exact bytes sent) | Response JWS SHA-256 (exact bytes received), if any | request_jws_sha256 recomputation value | Signature verification result | Notes |
|---|---|---|---|---|---|
H.3 Binding Evidence
For each accepted terminal response, record:
- the exact request bytes used for recomputation
- the recomputed
request_jws_sha256value - whether the response value matched exactly
H.4 Timeout and no-response evidence
For each no-response classification, record:
- request send timestamp
- cutoff timestamp
- observed outcome
- evidence that no eligible terminal response was obtained by cutoff
- evidence that any late response was ignored, if applicable
I. Negative Coverage Results
Record one row per negative condition demonstrated.
| Negative condition | Input summary | Expected classification | Observed classification | PASS/FAIL | Evidence pointers |
|---|---|---|---|---|---|
Wrong aud | validation fail / terminal REJECT if bindable, otherwise no YONA response message | ||||
| Unsupported JOSE algorithm | validation fail / terminal REJECT if bindable, otherwise no YONA response message | ||||
Unknown kid | validation fail / terminal REJECT if bindable, otherwise no YONA response message | ||||
| Invalid signature | validation fail / terminal REJECT if bindable, otherwise no YONA response message | ||||
Expired exp / excessive skew | validation fail / terminal REJECT if bindable, otherwise no YONA response message | ||||
| Discovery failure / missing required service | client MUST NOT send request | ||||
| Binding mismatch in response | originator rejects response / no valid terminal response for outcome purposes | ||||
Late terminal response after NO_RESPONSE classification | ignore for outcome purposes |
J. Repeated-Request Results
Complete this section if repeated yona.authorization_request cases were executed.
| Sequence ID | Initial request decision | Repeat request decision | Materially equivalent? | Request hash 1 | Request hash 2 | Response hash 1 | Response hash 2 |
|---|---|---|---|---|---|---|---|
Record the repeated-request rule applied during testing:
Repeated-request scope:
Retention window:
Material input set:
Non-material request differences:
K. Attachments / Evidence Pointers
Attach or link to supporting evidence, where available, such as:
- exact request and response JWS samples
- relevant DID documents or exact-byte captures
- HTTP logs
- JOSE parsing and signature-verification logs
- binding recomputation logs
- timeout or cutoff logs
- replay or repeated-request logs
- relevant environment configuration excerpts
L. Optional suggested claim language
L.1 Self-asserted form
[Organization / implementation name] states that the implementation identified in this report was tested for the roles and scope described herein against yona:ruleset:v1.0, the corresponding Base Interoperability Profile, and the identified BIP Conformance Test Suite release, and produced the results recorded in this report.
L.2 Third-party assessment form
[Assessor name] assessed the implementation identified in this report for the roles and scope described herein against yona:ruleset:v1.0, the corresponding Base Interoperability Profile, and the identified BIP Conformance Test Suite release, and recorded the results in this report.
Do not state or imply that YONA LLC, any future YONA successor body, or any other party reviewed, approved, issued, or published the claim unless that actually occurred.
M. Sign-off
Prepared by:
Title / role:
Date:
Signature / approval record (optional):
Reviewed by (optional):
Title / role:
Date:
Signature / approval record (optional):
6. Interpretation Notes
This template is intentionally evidence-oriented. BIP conformance concerns deterministic interoperability across independent implementations.
A useful conformance report allows a counterparty, assessor, or internal reviewer to understand what was tested, under what scope and configuration, and with what result.
For that reason, the report should make role, interaction scope, material configuration inputs, applicable-case coverage, and exact-byte evidence explicit.
7. Non-Normative Reminder
This template is optional.
Conformance under yona:ruleset:v1.0 is determined by:
Use of this template, publication venue, or any particular credential or issuer is not required for a conformance claim under YONA.